The SecurityFaq points to a number of places that provide overviews of specific areas, and also tell you how that ties into the Java landscape (the "Java Security Evolution and Concepts" articles).

I'm a big fan of Bruce Schneier's writing, so I'd say start with the podcast that's linked there, and then maybe the book Secrets & Lies. That'll provide the big picture that tends to get lost amid all the arcane technical details of implementing digital security.